vmware-mount which is a suid binary has a flaw in the way librariesare loaded. This issue could allow local users on the host toexecute arbitrary shared object files with root privileges.

VMware Workstation and Player running on Microsoft Windows are notaffected.

The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2010-4296 to this issue.

VMware would like to thank Martin Carpenter for reporting thisissue.

The following table lists what action remediates the vulnerability(column 4) if a solution is available.

VMware Product =============

Product Version ========

Running On =======

Replace with Apply Path =================

VMware Product =============
VirtualCenter

Product Version ========
any

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Workstation

Product Version ========
7.x

Running On =======
Linux

Replace with Apply Path =================
7.1.2 Build 301548 or later

VMware Product =============
Workstation

Product Version ========
7.x

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Workstation

Product Version ========
6.5.x

Running On =======
any

Replace with Apply Path =================
not affected

VMware Product =============
Player

Product Version ========
3.1.x

Running On =======
Linux

Replace with Apply Path =================
3.1.2 Build 301548 or later

VMware Product =============
Player

Product Version ========
3.1.x

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Player

Product Version ========
2.5.x

Running On =======
any

Replace with Apply Path =================
not affected

VMware Product =============
AMS

Product Version ========
any

Running On =======
any

Replace with Apply Path =================
not affected

VMware Product =============
Server

Product Version ========
2.0.2

Running On =======
Linux

Replace with Apply Path =================
affected, no patch planned

VMware Product =============
Server

Product Version ========
2.0.2

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Fusion

Product Version ========
3.1.x

Running On =======
Mac OS/X

Replace with Apply Path =================
3.1.2 Build 332101

VMware Product =============
Fusion

Product Version ========
2.x

Running On =======
Mac OS/X

Replace with Apply Path =================
not affected

VMware Product =============
ESXi

Product Version ========
any

Running On =======
ESXi

Replace with Apply Path =================
not affected

VMware Product =============
ESXi

Product Version ========
any

Running On =======
ESXi

Replace with Apply Path =================
not affected

c. OS Command Injection in VMware Tools update

A vulnerability in the input validation of VMware Tools updateallows for injection of commands. The issue could allow a useron the host to execute commands on the guest operating systemwith root privileges.

The issue can only be exploited if VMware Tools is not fullyup-to-date. Windows-based virtual machines are not affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2010-4297 to this issue.

VMware would like to thank Nahuel Grisolia of Bonsai Information Security,http://www.bonsai-sec.com , for reporting this issue.

Column 4 of the following table lists the action required toremediate the vulnerability in each release, if a solution isavailable.

VMware Product =============

Product Version ========

Running On =======

Replace with Apply Path =================

VMware Product =============
VirtualCenter

Product Version ========
any

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Workstation

Product Version ========
7.x

Running On =======
any

Replace with Apply Path =================
7.1.2 Build 301548 or later

VMware Product =============
Workstation

Product Version ========
6.5.x

Running On =======
any

Replace with Apply Path =================
6.5.5 Build 328052 or later

VMware Product =============
Player

Product Version ========
3.1.x

Running On =======
any

Replace with Apply Path =================
3.1.2 Build 301548 or later

VMware Product =============
Player

Product Version ========
2.5.x

Running On =======
any

Replace with Apply Path =================
2.5.5 Build 328052 or later

VMware Product =============
AMS

Product Version ========
any

Running On =======
any

Replace with Apply Path =================
not affected

VMware Product =============
Server

Product Version ========
2.0.2

Running On =======
any

Replace with Apply Path =================
affected, no patch planned

VMware Product =============
Fusion

Product Version ========
3.1.x

Running On =======
Mac OS/X

Replace with Apply Path =================
3.1.2 Build 332101

VMware Product =============
Fusion

Product Version ========
2.x

Running On =======
Mac OS/X

Replace with Apply Path =================
2.0.8 Build 328035

VMware Product =============
ESXi

Product Version ========
4.1

Running On =======
ESXi

Replace with Apply Path =================
ESXi410-201010402-BG

VMware Product =============
ESXi

Product Version ========
4.0

Running On =======
ESXi

Replace with Apply Path =================
ESXi400-201009402-BG

VMware Product =============
ESXi

Product Version ========
3.5

Running On =======
ESXi

Replace with Apply Path =================
ESXe350-201008402-T-BG **

VMware Product =============
ESX

Product Version ========
4.1

Running On =======
ESX

Replace with Apply Path =================
ESX410-201010405-BG

VMware Product =============
ESX

Product Version ========
4.0

Running On =======
ESX

Replace with Apply Path =================
ESX400-201009401-SG

VMware Product =============
ESX

Product Version ========
3.5

Running On =======
ESX

Replace with Apply Path =================
ESX350-201008409-BG **

VMware Product =============
ESX

Product Version ========
3.0.3

Running On =======
ESX

Replace with Apply Path =================
not affected

* hosted products are VMware Workstation, Player, ACE, Fusion.** Non Windows-based guest systems on ESXi 3.5 and ESX 3.5 only:- Install the relevant ESX patch.- Manually upgrade tools in the virtual machine (virtual machineusers will not be prompted to upgrade tools). Note the VI Client may not show that the VMware tools is out of date in the summary tab.

d. VMware VMnc Codec frame decompression remote code execution

The VMware movie decoder contains the VMnc media codec that isrequired to play back movies recorded with VMware Workstation,VMware Player and VMware ACE, in any compatible media player. Themovie decoder is installed as part of VMware Workstation, VMwarePlayer and VMware ACE, or can be downloaded as a stand alonepackage.

A function in the decoder frame decompression routine implicitlytrusts a size value. An attacker can utilize this to miscalculatea destination pointer, leading to the corruption of a heap buffer,and could allow for execution of arbitrary code with the privilegesof the user running an application utilizing the vulnerable codec.

For an attack to be successful the user must be tricked intovisiting a malicious web page or opening a malicious video file ona system that has the vulnerable version of the VMnc codec installed.

The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2010-4294 to this issue.

VMware would like to thank Aaron Portnoy and Logan Brown ofTippingPoint DVLabs for reporting this issue.

Column 4 of the following table lists the action required toremediate the vulnerability in each release, if a solution isavailable.

VMware Product =============

Product Version ========

Running On =======

Replace with Apply Path =================

VMware Product =============
VirtualCenter

Product Version ========
any

Running On =======
Windows

Replace with Apply Path =================
not affected

VMware Product =============
Movie Decoder

Product Version ========
any

Running On =======
Windows

Replace with Apply Path =================
7.1.2 Build 301548 or later

VMware Product =============
Movie Decoder

Product Version ========
any

Running On =======
Windows

Replace with Apply Path =================
6.5.5 Build 328052 or later

VMware Product =============
Workstation

Product Version ========
7.x

Running On =======
Windows

Replace with Apply Path =================
7.1.2 Build 301548 or later

VMware Product =============
Workstation

Product Version ========
7.x

Running On =======
Linux

Replace with Apply Path =================
not affected

VMware Product =============
Workstation

Product Version ========
6.5.x

Running On =======
Windows

Replace with Apply Path =================
6.5.5 build 328052 or later

VMware Product =============
Workstation

Product Version ========
6.5.x

Running On =======
Linux

Replace with Apply Path =================
not affected

VMware Product =============
Player

Product Version ========
3.x

Running On =======
Windows

Replace with Apply Path =================
3.1.2 Build 301548 or later

VMware Product =============
Player

Product Version ========
3.x

Running On =======
Linux

Replace with Apply Path =================
not affected

VMware Product =============
Player

Product Version ========
2.5.x

Running On =======
Windows

Replace with Apply Path =================
2.5.5 build 246459 or later

VMware Product =============
Player

Product Version ========
2.5.x

Running On =======
Linux

Replace with Apply Path =================
not affected

VMware Product =============
Fusion

Product Version ========
any

Running On =======
Mac OS/X

Replace with Apply Path =================
not affected

VMware Product =============
ESXi

Product Version ========
any

Running On =======
ESXi

Replace with Apply Path =================
not affected

VMware Product =============
ESX

Product Version ========
any

Running On =======
ESX

Replace with Apply Path =================
not affected

4. Solution

Please review the patch/release notes for your product and versionand verify the md5sum and/or the sha1sum of your downloaded file.